Merge d66e081 into f396f54

casbin · Jun 23, 2022 · 91a9e0c · 91a9e0c
2 parents f396f54 + d66e081
commit 91a9e0c
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 0 deletions.
diff --git a/src/enforcer.ts b/src/enforcer.ts
@@ -420,6 +420,44 @@ export class Enforcer extends ManagementEnforcer {
 
     return res.filter((n) => !inherits.some((m) => n === m));
   }
+
+  /**
+   * getImplicitResourcesForUser returns all policies that user obtaining in domain.
+   */
+  public async getImplicitResourcesForUser(user: string, ...domain: string[]): Promise<string[][]> {
+    const permissions = await this.getImplicitPermissionsForUser(user, ...domain);
+    const res: string[][] = [];
+    for (const permission of permissions) {
+      if (permission[0] === user) {
+        res.push(permission);
+        continue;
+      }
+      let resLocal: string[][] = [[user]];
+      const tokensLength: number = permission.length;
+      const t: string[][] = [];
+      for (const token of permission) {
+        if (token === permission[0]) {
+          continue;
+        }
+        const tokens: string[] = await this.getImplicitUsersForRole(token, ...domain);
+        tokens.push(token);
+        t.push(tokens);
+      }
+      for (let i = 0; i < tokensLength - 1; i++) {
+        const n: string[][] = [];
+        for (const tokens of t[i]) {
+          for (const policy of resLocal) {
+            const t: string[] = [...policy];
+            t.push(tokens);
+            n.push(t);
+          }
+        }
+        resLocal = n;
+      }
+      res.push(...resLocal);
+    }
+    return res;
+  }
 }
 
 export async function newEnforcerWithClass<T extends Enforcer>(enforcer: new () => T, ...params: any[]): Promise<T> {

diff --git a/src/managementEnforcer.ts b/src/managementEnforcer.ts
@@ -508,6 +508,14 @@ export class ManagementEnforcer extends InternalEnforcer {
     return this.removeFilteredPolicyInternal('g', ptype, fieldIndex, fieldValues);
   }
 
+  public async updateGroupingPolicy(oldRule: string[], newRule: string[]): Promise<boolean> {
+    return this.updateNamedGroupingPolicy('g', oldRule, newRule);
+  }
+
+  public async updateNamedGroupingPolicy(ptype: string, oldRule: string[], newRule: string[]): Promise<boolean> {
+    return this.updatePolicyInternal('g', ptype, oldRule, newRule);
+  }
+
   /**
    * addFunction adds a customized function.
    * @param name custom function name

diff --git a/test/enforcer.test.ts b/test/enforcer.test.ts
@@ -697,3 +697,25 @@ test('TestEnforceExWithPriorityModel', async () => {
   testEnforceEx(e, 'bob', 'data2', 'read', [true, ['data2_allow_group', 'data2', 'read', 'allow']]);
   testEnforceEx(e, 'alice', 'data2', 'read', [false, []]);
 });
+
+test('TestGetImplicitResourcesForUser', async () => {
+  const e = await newEnforcer('examples/rbac_with_pattern_model.conf', 'examples/rbac_with_pattern_policy.csv');
+  expect(await e.getImplicitResourcesForUser('alice')).toEqual([
+    ['alice', '/pen/1', 'GET'],
+    ['alice', '/pen2/1', 'GET'],
+    ['alice', '/book/*', 'GET'],
+    ['alice', '/book/:id', 'GET'],
+    ['alice', '/book2/{id}', 'GET'],
+    ['alice', 'book_group', 'GET'],
+  ]);
+  expect(await e.getImplicitResourcesForUser('bob')).toEqual([
+    ['bob', '/pen/:id', 'GET'],
+    ['bob', '/pen2/{id}', 'GET'],
+    ['bob', 'pen_group', 'GET'],
+  ]);
+  expect(await e.getImplicitResourcesForUser('cathy')).toEqual([
+    ['cathy', '/pen/:id', 'GET'],
+    ['cathy', '/pen2/{id}', 'GET'],
+    ['cathy', 'pen_group', 'GET'],
+  ]);
+});